Saturday, June 9, 2018

WiFi router for small business

I apologize if this is the wrong sub (if so, please kindly direct me to an appropriate sub).

My small business is surrounded by a couple dozen other WiFi sources, and seems to be the cause of my devices routinely connecting/disconnecting throughout the day. These interruptions usually last just 15-30 seconds.

We currently have Fiber Optic through Century Link business internet. We have about 10 devices connected. Our devices include Buffalo BS-GU2008, Firebox T10, and Watchguard AP100.

Will newer devices such as a Netgear Nighthawk help with stability?

Thanks!

TL-SG105E driving me nuts!

My ISP delivers a data an TV connection on two different subnets. In order to get stuff working hardwired, I “split” the cables in two times four wires. This, however limits my data bandwidth to 100 Mbps. I therefore thought to buy two managed switches that support 802.1Q and bought TP-link TL-SG105E.

What I want to do is to setup two VLANs. On the modem side. Port 1 and 2 video, port 3 and 4 data, port 5 trunk. In my study port 1 video, port 2, 3 and 4 data and port 5 trunk.

I created two new vlans, number 2 and 3. I tried about a million combinations: vlans tagged and unstaffed, port 5 a member and not a member. Default vlan included etc. it just won’t work. Anyone good experience with these switches?

I could use a hint or two.

Hotel wifi setup with same ssid

Its is five storeyed and has 9 routers. Planning to add 90Mbps. Is there a way to setup a good same ssid network with only these 9 routers. Any help with the best configuration would be really appreciated. Read this https://www.wlanpros.com/resources/rulesforsuccessfulhotelwifi/ But does not specify whether to connect all as APs to a single router or as router with same ssid.

Looking for local IT consulting business in Fort Wayne, IN

https://ift.tt/2sTUdAz

Reselling internet to apartments

I work for a small ISP located in a large city. Our speciality is normally rural wireless connections though. Im investigating a new possible idea. Were looking at getting layer 2 connections from our DC to apartment buildings in the city then reselling internet to the apartments. Layer 2 connections and such are cheap. So cheap we could beat out the monopoly provider by quite a bit.

Has anyone here ever tried this before?

Would it be easier to put a 48 port switches in the basement? Then run cables up to each apartment via the IDF? Or do apartment buildings normally have cabling I could reuse to get to each apartment?

Any big obstacles that would prohibit this? I have the permission of a few building managers to do this already. North American location.

Friday, June 8, 2018

How to set Big IP to full proxy for a VS

Hi,

I recently setup a Big IP 2000 (v11.2.1) in my lab. I am now discovering that my app does not like direct server return. I need the Real Servers to respond back to the Big IP VIP and not directly to the Client.

This seems like it should be a simple setting on the Big IP to change this but for the life of me I cannot seem to find it. And searching hasn't seemed to help either. What setting is this that allows the Big IP to replace the Src address in requests with the VIP address instead? Is it just a simple switch that you enable on the VS like Netscalers allow or do I need some SNAT/iRules/other cfg to make this change?

Thank you.

What Linux tools do you all use?

Currently learning the Linux CLI. I'm looking for projects I can do or tools I can mess around with that are relevant to Networking. How does Linux intersect with your daily lives?

Accessing a router with DHCP disabled.

Hello. A while ago I disabled the DHCP on my router, a Netgear. Now the NanoStation on the roof is acting as a DHCP Server. I don’t have access to the Nanostation but I can get the login in a day or two. I need to access my router, I was told that it was impossible without resetting it, is that true?

WLC 5508 captive portal and android phone users

First off, Cisco TAC already opened. Really curious to see what they know and/or recommend.

Background, android users have started to report (or see as in my case) that whenever they connect to our guest wireless the captive portal page never displays. Simply times out and they are unable to access the internet.
The fix that I have found is to use Firefox and not Chrome as the default browser. This might be acceptable to employees on-site wanting to use their personal devices by visitors cannot be expected to download another browser to use our guest wireless...
We're running 8.0.140.0 code on the WLC 5508
Some Google-foo searches showed that other users have experienced this with their Android phones in the past and when Chrome was upgraded...worked again. iPhones apparently are not affected.

Has anybody else run into this? I have a work around and TAC will be involved but I wanted to see whether the Reddit community has any additional insight. Thanks!

new anyone have any ONOS + Mininet tips tricks etc

Im new to networking and my workplace wants me to learn about ONOS sdn with mininet as a way to teach myself. Does anyone have any good resources aside from the onos and mininet wikis? Good practices? What I can expect from using these? Thanks in advance.

Cisco ISR router for home use

This may be a stupid question, and I'm not even sure that I am able to talk about this here, or should it be posted on somthing like /r/homelab, etc. but it's a question I've had for a number of months. please forgive me mods if I'm posting this in the wrong place.

If, for example, I was able to purchase a fiber modem (somthing like this) and a Cisco ISR router, would I be able to connect the fiber modem from the ethernet interface from the modem to the interface in the ISR router (fa0/0 or g0/0 in IOS)? or does this class of enterprise routers require the serial interface and a routing protocol such as RIP or ISPF to be used? or can both be used?

ASA VTI - ACL on Interface or VPN Group Policy?

Hey there

We are affected by a bug on our ASA - CSCvi79999

The "workaround" is to apply acl's to only allow specified traffic over the vitrual tunnel interface.

This is more of an academic question. There appear to be 2 different ways to go about this.

One is ACL's applied in an access group on the virtual tunnel interface itself.

The other is to apply the ACL's in the form of a VPN-Filter in the tunnel group-policy configuration.

Is one better than the other? More effective? Different but equal?

Thanks!

External IP Propagation time

So I have an external IP we bought from our ISP. It's currently assigned to a webserver behind a cisco firewall. If I change that webserver IP to internal, and change the router IP to this external IP, should I see the changes immediately, be able to access it on the web, or is their some time before the changes propagate out to the ISP?

Apple claiming "Wake on WLAN" is used for APNs notifications - anyone dealt with this?

Some of our developers have been having trouble with Wi-Fi only (i.e. no SIM) Apple devices going to sleep and not receiving their APNs notifications.

Our devs are out at the WWDC conference and the Apple guys are informing them that they send a Wake on WLAN packet down with/preceding the push notification in order to wake the phone up, and that we must be "blocking it."

They are unable to provide any kind of technical documentation on this, or really very much in the way of clarity, so I have to assume they're sending a standard UDP "magic packet" with a layer 2 address in it. To configure this on our firewall edge would be nearly impossible; we'd have to accept and forward all WOL packets sourced from Apple's subnet (since they refuse to be more specific than 17.0.0.0/8 about their APNs ranges), and send them to the broadcast addresses of all of our wireless subnets. That seems like a nightmare and I honestly don't see many corporate networking groups supporting that configuration. Aside from the security implications, the network spam of having every single APNs notification flooded to every single wireless subnet is a terrible idea.

Has anyone else had experience with Apple's Wake on WLAN? Is this really what they're expecting? Does anyone else actually do this?

I'll be doing some network edge Wireshark collection once our devs get back.

TL;DR: Apple claims they send Wake on WLAN packets to wake up the CPUs of their mobile devices. Anyone have any experience with it?

Aerohive AP131- Low bandwidth on mgt0 and eth0 (backhaul) interface

Hi, I'm just looking for any ideas on what I should look to debug an issue on Aerohive AP141 device.
Please share anything you think it might help me.

I have 11 AP141 connected to 1Gbps switch (same cabling, wall RJ45 and switch ports successfully tested with other devices, I got about 980Mbps bandwidth).

All 11 AP are "Portal" mode and have its eth0 interface in Backhaul operation mode.

Using iperf on the device to another device in LAN (or in wifi connection with a tx rate @230Mbps, 5Ghz, 40Mhz) I have always less than 100Mbps bandwidth. (0 users, no wireless interferences)

I tested iperf between AP devices and between AP device and iperf server(or client) in LAN. Both TCP and UDP.

Network interface is autosensing and it detect 1000Mbps on both switch and aerohive AP141 devices.

I did another test:

forcing the port to 100mbps full duplex (device and switch port), the bandwidth is about 10Mbps.

Monitoring the port traffic, the bandwith is the one reported by iperf, so no Iperf issues here.

This happens on all 11 devices.

Same issue in many different HiveOS version, now i'm running the latest golden: 6.5r9a.194750

Any clues?

View OSPF RIB on Nexus

Hello

Does anyone know the Nexus equivalent of the command "show ip ospf rib"?

It's missing, and really annoying me.

Thanks!

Is WAN MACsec Cisco proprietary? (Reposted from /r/sysadmins)

I’ve been given a 1G EPL from Comcast that runs from our DC to our co-location. MetroE is pretty new to me, and for the life of me I could not set up IPSec over the top of this link in the traditional manner using a Palo 3020 on each end.

After a bit of research I stumbled upon MACsec. I was surprised I hadn’t heard of this before but I though it might work in my P2P scenario. However, I’ve been reading conflicting tales about whether it works with QinQ (which is how I believe Comcast to be delivering the service) on a WAN link. I’ve noticed Cisco white papers discussing WAN MACsec, but we’re an HPE-Aruba shop. Not that I can’t work on the Cisco; person holding the purse strings is not a fan to say the least.

I have a couple of 10G HPE-Aruba 3810Ms. They are MACsec capable. I was curious, before repurposing, whether these switches will work?Does the 802.1AE standard encompass the WAN ability, or is this some other Cisco proprietary ability?

Thank you for your help!

looking for a new load balancer replacing Cisco ACE

Hi, I'm looking for a product to replace Cisco ACE primary used for load balancing e-mail, skype, SIP Voice. Need some advice in specifying functionally demands. What are some new "nice to have" "must have" ? features in today's modern load balancer?

Medium to large campuses.... how do you handle OOBM and redundant fiber runs?

My campus has ~750 IDFs. Some buildings have multiple IDFs - some buildings have only one.

My question is twofold....

How do you handle OOBM? If my organization were completely enclosed in a large office building, our density would be greater, and it would be cheaper to do OOBM. However, we have quite a few buildings that have 3-4 users in it - if that. So, we don't have a very dense network in terms of users to IDFs. The cost to implement a proper OOBM system is.... prohibitive to say the least.

Here are our options that we see now:

OpenGear ACM7004-5 w/ SFPs - $925 per IDF, total of approx $700,000. But - we now need an additional pair of fiber to each IDF (see the next problem I have)
OpenGear ACM7004-2-LMV (cellular only) - $1,015 per IDF, total of approx $765,000, with an added regular occurring cost for cellular service for 750 devices (and in my line of work, CAPEX is easier to get than OPEX).
OpenGear ACM7004-5-LMA (SFP + cellular) - $1485 per IDF, total of approx $1.1 million. And... we now have the issue of additional fiber PLUS the cellular service.
Establish an isolated network for OOBM, switches in each MDF (we have six), and use media converters + fiber to transport to the IDFs. I got a rough estimate for a decent media converter, it's $500 - so, $375,000. And... we still have the problem of not enough fiber. (See below)

In addition, none of these cost estimates address what we're going to do with the MDFs (we have six, two of which are 'data centers' as well as a core network node).

Next up, fiber. We have VERY few IDFs that have fiber laid to more than one MDF. For most of them, if we wanted to connect a switch to multiple MDFs, we'd have to build a fiber path through the first MDF to get there. So, rough numbers, if 1/6 of the switches go to an MDF (we have six MDFs), and we want to hang each switch off of both MDFs in the pair, that means:

125 pair/250 strand coming from IDFs, into MDF A that is destined for MDF A
125 pair/250 strand coming from IDFs, into MDF A that is destined for MDF B
125 pair/250 strand coming from MDF B into MDF A to connect IDFs from MDF B to MDF A
125 pair/250 strand coming from MDF A into MDF B to connect IDFs from MDF A to MDF B

This leaves me with a fiber requirement for 500 strands between the MDFs in the MDF pair, and 500 strands coming from IDFs. This doesnt even address the issue of the fiber at the IDFs. Here's an example of a particularly troublesome building:

18 stands coming from MDF-A (in building 2) to IDF-A (in building 1234)
6 stands coming from IDF-A (bldg 1234) to IDF-B (same building - 1234)
6 stands coming from IDF-A (bldg 1234) to IDF-C (same building - 1234)
This building also has a separate network housed in it for a tenant organization - they are using 4 strands for their switches, and we are using 2 for ours (with no redundant path). Therefore, we have used up every single fiber in that building, and have no more to run redundant links.

Obviously, the real solution is to run more fiber. This is VERY cost prohibitive. We do own the entirety of the land, and we do have a manhole/duct bank system - but the labor costs are intensive, as well as a very long project to accomplish. We'd be looking at probably a many millions to a billion dollars to completely overhaul it, and it'd likely take ten years.

So - that leaves me with other workarounds, such as bidirectional optics from the IDF to the MDF (allowing us to have two connections per pair, rather than only one). Then, a DWDM system to connect the MDFs together to reduce fiber requirements there.

Any thoughts on either?

Cisco Nexus vPC - Card Types

Hi,

If you want to migrate from 1 line card to another (M to F), it doesn't look that simple from first glance right?

if i remember correctly the vPC line card type plays a role in the forming of the vPC.

The scenario would be as follows:

A Nexus 7010 cluster connecting to nexus 5K and 9K in the access, the whole setup is Back 2 Back vPC. I want to move the connections of these switches from an M1 card to an F2e card which is in the chassis and added to the correct VDC.

The problem i think i will face is that when i remove the M1 interfaces from the vPC on switch 1 and shut the port-channel down and then add the interfaces from the F2e card, the vPC won't come up because it will mismatch with the peer's value of card. My idea was to always bring down 1 vPC on 1 Nexus 7K and then reconfigure the ports and then bring it back. Then configure the other end?

Or would this be a Type 2 consistency where as there will be a fault but the scenario would still forward the traffic? Or would this be a Type 1 consistency? The vPC does not come up and when shutting the other end i will create a traffic forward failure.

Any other idea's to move from this scenario?

Cable lacing tool

I'm trying to find a product that I have seen in the past. It's a circular cable organizing tool that can be used while lacing cables. Really handy when lacing a lot of cat 6 or cat 5.

Looks like this. You lay the cables in the slots, and it then clip a piece around the outside to keep the cables in and draw it towards yourself lacing the cables behind the tool. It straightens out the cables really nicely.

Made a DIY version, with just the slots and it worked really well. Would really like to find it again so I can buy one!

Anyone have any idea what it's called or who makes it?

Thursday, June 7, 2018

Cisco ASA/Firepower datacenter best practices

We're setting up a new DC colo facility and we have two FTD firewalls and two traditional ASA 5525s. I've got a few questions about connecting the sites together.

Will an active/standby pair work between Texas and Virgina?
Can I create a 'hybrid' ASA pair (FTD is primary and older ASA is secondary)
We'd like to keep the sites connected via a Layer 2 link, would latency be a problem with this?

I'm sorry if these seem like stupid questions, I've been given the task of architecting this solution and some of the questions the upper guys are asking are above my head.

New to switching, help with a script im trying to make

Hi all,

If you could help me, i would be most grateful. I am trying to script the below list of commands for HP switches, but I'm struggling to get past one thing. The script needs to run on various switches with different amounts of ports.

i need to somehow insert the highest port number (where I've put PortNumber), but the highest port number changes for each switch i run this on.

sh int br conf t lldp admin 1-PortNumber tx_rx cdp enable 1-PortNumber end wr mem sh lldp inf rem sh cdp nei exit exit y

Project - VPN Tunnel SA Discrepancies

Hello r/networking!

I am going into my final semester in undergrad, and am required to complete a senior project. Someone suggested to me a project that would pull SA settings between two firewalls, and determine if any discrepancies were existent automatically. This project would essentially aid in the troubleshooting of VPN tunnels. The main issue is that this is trying to help with is when all of the settings look the same, but maybe aren't translating effectively between two different firewall vendors. Also, this project assumes that the tunnel is functional, but not fully functional; sometimes connections timeout, RST's being sent, etc.

I have a few questions in this regard, so if anyone would like to help, I would greatly appreciate it.

Is this project practical or even worth it given the circumstances?
Is Python or another scripting language capable of logging into the firewall, and pulling these settings? (Maybe through an automated SSH since we are still technically on an internal network via a tunnel?)
How would I go about pulling the settings in general?
This one is more development related, but how would I implement a front-end GUI that would display these discrepancies that are being pulled from the back-end?

Thank you for your help, and if you have any other suggestions, that would be awesome.

P.S. I am still very green in the networking world, so my knowledge as of right now is limited. Any help is appreciated!

Pfsense VM 2.4.3-RELEASE Gateway Dropping Connection HELP

Guys got kind of a strange issue need some help with. I got a pfsense VM under ESXI. the ESXI host has 1Nic and 1USB NIC. I use the USB NIC as the WAN connection for the VM. For some reason 2-3 times a day, pfsense seems to drop the gateway. I've plugged a PC into the modem and it continues to work fine. However i have to reboot either the modem or the pfsense box to get PFsense to connect.

I've tried changing the duplex in, ESXI, and PFsense to default and manual same outcome.

The only thing i'm seeing in pfsense logs is "Dpinger WANDHCP x.x.x.x sendto error 65" I've disabled gateway monitoring and changed Data Payload to 10.

Any ideas troublshooting would help.. I've already swapped out the modem with a new one. Thinking it was a modem issue. Thanks

RANCID on HP 2530 24G: Revision every run

Hi all,

we run RANCID for our router/switch config backup every hour.

By now everything is running, except for this little blemish i am stuck with:

I recently added some HP 2530 we have at some desktop places. The funny thing is, we get a „new“ Revision every run, because the „show time“ within the „show transceivers“ generates a new output (34&35).

28 ;Cmd Info : show tech Transceivers 29 ;transceivers 30 ;Transceiver: 31 ; Port # | Type | Prod # | Serial # | Part # 32 ; -------+-----------+------------+------------------+---------- 33 ; 25 | 1000SX | J4858C | ABCDEFG | 1990-4395 34 ;show time 35 ;Thu Jun 7 07:42:21 2018 36 ;=== The command has completed successfully. === 37 ; 38 ;Configuration files:

Does anyone has managed to change /usr/local/rancid/bin/hlogin to address such behavior? On other HP-switches it just works fine w/ the original config file…

Any advice is appreciated, i would love to just get notified on real changes :)

Allow a virtual machine to communicate to a cross-over connected device on host

I have a Windows Server 2016 VM running on Hyper-V which is running itself on Windows 10 Pro.

The VM host has two physical adapters: a wireless card and an Ethernet card.

The host’s Ethernet port is connected to the device through a crossover cable. This device is the one I’m trying to communicate to from the VM. We have the Host’s IP set manually to 192.168.1.100 and I believe the device’s address is 101. We can communicate through the host to the device correctly.

The wireless card of host is connected to a network & internet.

What kind of ‘virtual switch’ should I have the VM use in Hyper-V? (External, internal, private; using Ethernet or Wireless?) Do I need to manually change the IP/Mask/Gateway to anything specific?

I’ve been unable to properly communicate between VM and device and was hoping someone could point me in a direction as I’m a bit over my head.

Wednesday, June 6, 2018

Using Inside switch to terminate internet circuits

In an attempt to save money, my company wants to forgo outside switches and terminate 2x internet hand-offs on our layer 2 inside switches (2 dedicated vlans) that would then feed into our firewalls. Any compelling arguments against doing this?

Help on getting router to router communication with different subnets

Hey there everyone, I am trying to setup these computer racks as an expansion to the current racks for a business I am working with. I have Cisco RV325 routers and 4 computers I need to be able to get a DHCP IP from the router inside the rack. The DHCP IP should be the same for the machine that is connected to that Ethernet port. So should PC1 be connected to Port 1 it should get, and only get 192.168.1.101, and should that computer need to be replaced, the replacement computer will automatically get that same IP with not static IP configuration setting. We then need to be able to daisy chain these racks so that only one Ethernet cord needs to go to the master computer. Looking something like this:

Master Computer <- Expansion Rack 1 <- Expansion Rack 2 <- and so on.

The master computer needs to be able to communicate with every computer inside of this mini-network at any time. I have tried setting up VLANs for each port, enabling inter-VLAN communication, then plugging in the routers to each other via their LAN ports, I will be able to ping the local expansion rack computers but not anything beyond that rack. From what I am understanding what would work would be having a master router so it would look more like: Master Computer <- Master Router <- Expansion Rack 1 Expansion Rack 2 and so on.

So I am wondering if my first layout can/would work and if I just don’t have the correct settings, if I have to use the second layout what can I expect from that in terms of problems, and if there is frankly a simpler/easier way that I could do this. Thank you for the help in advance.

Wi-fi analytics

Can anyone reccomend a wi-if analytics solution. We are testing purple.ai but it does not seem ready for primetime.

Cyclades 16 Port Terminal Server Model TS1000

Has anyone heard of or has used this console server? I’m looking around for a cheap one and eBay has this listing for ~$100. Good deal or nah? I need at least 16 ports, no more than 24.

F5 active-standby to active-active

I've got a pair of F5 devices which need to change from active / standby to active / active.These are production devices but can have a few mins of downtime, if required.

My question is, does anyone have a useful documentation or web reference that I'm able to refer to?I've done a heap of searching but haven't found much information.F5 documentation is more or unless non-existent.Any info would be appreciated.

Device info:Platform - BIG-IP Virtual EditionSoftware
Version - BIG-IP v12.1.2 (Build 0.0.249)

Streaming video from ski boat (2000' distance)

https://ift.tt/2sB7te8

Junos - IPSec VPN over LTE interface routing issues...

Hi Guys,

Bit of a weird one that I cant seem to bottom, was wondering if anybody could throw any light on it..

We have a Juniper SRX with an LTE PIM installed for cellular connectivity to the internet, we want to create an IPSEC VPN back to our HQ over this transport.

We have an all 0's route pointed down the st0 interface and a /32 host route pointed down the dl0 interface that connects to the internet (we cannot route to next hop as the dialler interface is DHCP and this could change - VPN is set to aggressive mode to mitigate this for the IPSec VPN side of things)

The weird thing is that the /32 host route to the head office public VPN address gets withdrawn from the routing table as soon as the all 0's default route gets installed - resulting in the IPsec tunnel being established and then ageing out, until the all 0's route gets withdrawn and the /32 route gets installed again - then this cycle starts again and again

I have always routed to next hops as opposed to exit interfaces for VPNs so I believe this may be part of the issue as I have never ran into anything like this before.

Does anyone have any ideas?

Thanks

Unable to configure STP on HPE 16 20

Hi,

I'm currently having issues with iPXE boot and DHCP via fog deploy using HPE 16 20 switches, i managed to fix this issue by switching default spanning tree protocol to rapid spanning tree protocol on another switch.

Is the STP configuration impossible on this model ?

Why do I need iBGP between routers within the same AS?

Hi,

So I understand that I need iBGP between routers advertising the same prefix but do I need iBGP if I have two routers (within the same AS) advertising different prefixes to different peers/ISPs?

Thanks

Radius based VLAN assignment with Ubiquiti

Hello,

I was just wondering about some pros/cons in regards to a future project, we are tasked to implement a radius based wireless (for dynamic vlan assignment) in multiple buildings that lease out office space to customers (it's a shared building with a shared network, nothing fancy, just vlans and an ASA)

There are 5 sites in total and we are heading towards an azure based machine running server 2016+NPS (which is already setup due to a number of other services that we have on azure like the ubiquiti controller). I've been looking into running a vpn between our sites but since we took this over from a previous MSP, IP addresses/scheme is practically the same across all sites. Since we've implemented a new wireless setup, I made the subnets unique at each site incase when we deployed it to not run into any issues with site to site vpns between the sites if we were to ever implement that solution.

I've labbed this up and managed to get it working all fine although was asked to test it without a VPN to azure. I've been looking into the same solution and the cons with doing this over the public internet with no vpn vs a vpn and even explained the issues we would solve (and run into) but feel like I might not be catching all the cons/pros

How to ask Radius to redirect a user after timeout?

Is it possible to use Radius to redirect a user to a URL once the user has reached session timeout?

I know we can redirect user after successful login, but how about redirect after session ended?

Tuesday, June 5, 2018

SFP+ Cable 15m

Hello,

I am looking at purchasing a 4x 10GB 15m SFP+ to SFP+ cables to go between our 6800 and 3850 switches

I have been warned about issues going above 10m cables for SFP+ cables? does anyone user 10m plus active cables or had issues?

I am not sure if I can allowed to paste links to where I am google searching but ill give it a go so you can see the item description - they also do unto 30m but its whether I am going to hit any issues?

https://www.fs.com/products/40091.html 15m (49ft) Cisco SFP-10G-AOC15M Compatible 10G SFP+ Active Optical Cable

just want some further acknowledgement and he was told by someone from someone by someone so unsure how real the comment is

Old Stratix Switch Firmware Login help

Hello everyone, I have just started working at a new company which primarily uses startix switches. I have been tasked with mapping out the network and in doing so I need to be able to access the device settings. The problem is one switch that i have been trying to access is possibly on an older firmware and displays a login page rather than a pop-up login bar. Along with this entering anything into the login page does nothing, either the page freezes or nothing loads. Does anyone have any idea how i would access this switch WITHOUT resetting to factory. Thank you

Chillispot hotspotlogin.php doesn't redirect on timeout

I got the code from the Internet and it works with my DDWRT and Radius (on AWS) with Chillispot enabled. But when the users session has timeout, the web browser tab does not redirect to the login page again (I'm still on the same browser tab that I initially logged in) .

Below is the code. How can I make it redirect?

<?php # # chilli - ChilliSpot.org. A Wireless LAN Access Point Controller # Copyright (C) 2003, 2004 Mondru AB. # # The contents of this file may be used under the terms of the GNU # General Public License Version 2, provided that the above copyright # notice and this permission notice is included in all copies or # substantial portions of the software. # Redirects from ChilliSpot daemon: # # Redirection when not yet or already authenticated # notyet: ChilliSpot daemon redirects to login page. # already: ChilliSpot daemon redirects to success status page. # # Response to login: # already: Attempt to login when already logged in. # failed: Login failed # success: Login succeded # # logoff: Response to a logout # Shared secret used to encrypt challenge with. Prevents dictionary attacks. # You should change this to your own shared secret. $uamsecret = "dssdsdsdds"; # Uncomment the following line if you want to use ordinary user-password # for radius authentication. Must be used together with $uamsecret. #$userpassword=0; # Our own path $loginpath = $_SERVER['PHP_SELF']; $ChilliSpot="ChilliSpot"; $title="$ChilliSpot Login"; $centerUsername="Username"; $centerPassword="Password"; $centerLogin="Login"; $centerPleasewait="Please wait......."; $centerLogout="Logout"; $h1Login="$ChilliSpot Login"; $h1Failed="$ChilliSpot Login Failed"; $h1Loggedin="Logged in to $ChilliSpot"; $h1Loggingin="Logging in to $ChilliSpot"; $h1Loggedout="Logged out from $ChilliSpot"; $centerdaemon="Login must be performed through $ChilliSpot daemon"; $centerencrypted="Login must use encrypted connection"; # Make sure that the form parameters are clean #$OK_CHARS='-a-zA-Z0-9_.@&=%!'; #$_ = $input = <STDIN>; #s/[^$OK_CHARS]/_/go; #$input = $_; # Make sure that the get query parameters are clean #$OK_CHARS='-a-zA-Z0-9_.@&=%!'; #$_ = $query=$ENV{QUERY_STRING}; #s/[^$OK_CHARS]/_/go; #$query = $_; # If she did not use https tell her that it was wrong. /*if (!($_ENV['HTTPS'] == 'on')) { # echo "Content-type: text/html\n\n"; echo "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01 Transitional//EN\"> <html> <head> <title>$title</title> <meta http-equiv=\"Cache-control\" content=\"no-cache\"> <meta http-equiv=\"Pragma\" content=\"no-cache\"> </head> <body bgColor = '#c0d8f4'> <h1 style=\"text-align: center;\">$h1Failed</h1> <center> $centerencrypted </center> </body> <!-- <?xml version=\"1.0\" encoding=\"UTF-8\"?> <WISPAccessGatewayParam xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:noNamespaceSchemaLocation=\"http://www.acmewisp.com/WISPAccessGatewayParam.xsd\"> <AuthenticationReply> <MessageType>120</MessageType> <ResponseCode>102</ResponseCode> <ReplyMessage>Login must use encrypted connection</ReplyMessage> </AuthenticationReply> </WISPAccessGatewayParam> --> </html> "; exit(0); }*/ # Read form parameters which we care about if (isset($_POST['UserName'])) $username = $_POST['UserName']; if (isset($_POST['Password'])) $password = $_POST['Password']; if (isset($_POST['challenge'])) $challenge = $_POST['challenge']; if (isset($_POST['button'])) $button = $_POST['button']; if (isset($_POST['logout'])) $logout = $_POST['logout']; if (isset($_POST['prelogin'])) $prelogin = $_POST['prelogin']; if (isset($_POST['res'])) $res = $_POST['res']; if (isset($_POST['uamip'])) $uamip = $_POST['uamip']; if (isset($_POST['uamport'])) $uamport = $_POST['uamport']; if (isset($_POST['userurl'])) $userurl = $_POST['userurl']; if (isset($_POST['timeleft'])) $timeleft = $_POST['timeleft']; if (isset($_POST['redirurl'])) $redirurl = $_POST['redirurl']; # Read query parameters which we care about if (isset($_GET['res'])) $res = $_GET['res']; if (isset($_GET['challenge'])) $challenge = $_GET['challenge']; if (isset($_GET['uamip'])) $uamip = $_GET['uamip']; if (isset($_GET['uamport'])) $uamport = $_GET['uamport']; if (isset($_GET['reply'])) $reply = $_GET['reply']; if (isset($_GET['userurl'])) $userurl = $_GET['userurl']; if (isset($_GET['timeleft'])) $timeleft = $_GET['timeleft']; if (isset($_GET['redirurl'])) $redirurl = $_GET['redirurl']; #$reply =~ s/\+/ /g; #$reply =~s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/seg; $userurldecode = $userurl; #$userurldecode =~ s/\+/ /g; #$userurldecode =~s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/seg; $redirurldecode = $redirurl; #$redirurldecode =~ s/\+/ /g; #$redirurldecode =~s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/seg; #$password =~ s/\+/ /g; #$password =~s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/seg; # If attempt to login if ($button == 'Login') { $hexchal = pack ("H32", $challenge); if ($uamsecret) { $newchal = pack ("H*", md5($hexchal . $uamsecret)); } else { $newchal = $hexchal; } $response = md5("\0" . $password . $newchal); $newpwd = pack("a32", $password); $pappassword = implode ("", unpack("H32", ($newpwd ^ $newchal))); # sleep 5; # echo 'Content-type: text/html\n\n'; echo "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01 Transitional//EN\"> <html> <head> <title>$title</title> <meta http-equiv=\"Cache-control\" content=\"no-cache\"> <meta http-equiv=\"Pragma\" content=\"no-cache\">"; if (isset($uamsecret) && isset($userpassword)) { echo " <meta http-equiv=\"refresh\" content=\"0;url=http://$uamip:$uamport/logon?username=$username&password=$pappassword\">"; } else { echo " <meta http-equiv=\"refresh\" content=\"0;url=http://$uamip:$uamport/logon?username=$username&response=$response&userurl=$userurl\">"; } echo "</head> <body bgColor = '#c0d8f4'> <h1 style=\"text-align: center;\">$h1Loggingin</h1> <center> $centerPleasewait </center> </body> <!-- <?xml version=\"1.0\" encoding=\"UTF-8\"?> <WISPAccessGatewayParam xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:noNamespaceSchemaLocation=\"http://www.acmewisp.com/WISPAccessGatewayParam.xsd\"> <AuthenticationReply> <MessageType>120</MessageType> <ResponseCode>201</ResponseCode> "; if (isset($uamsecret) && isset($userpassword)) { echo "<LoginResultsURL>http://$uamip:$uamport/logon?username=$username&password=$pappassword</LoginResultsURL>"; } else { echo "<LoginResultsURL>http://$uamip:$uamport/logon?username=$username&response=$response&userurl=$userurl</LoginResultsURL>"; } echo "</AuthenticationReply> </WISPAccessGatewayParam> --> </html> "; exit(0); } switch($res) { case 'success': $result = 1; break; // If login successful case 'failed': $result = 2; break; // If login failed case 'logoff': $result = 3; break; // If logout successful case 'already': $result = 4; break; // If tried to login while already logged in case 'notyet': $result = 5; break; // If not logged in yet case 'smartclient': $result = 6; break; // If login from smart client case 'popup1': $result = 11; break; // If requested, it shows a logging in pop up window case 'popup2': $result = 12; break; // If requested, it shows a success pop up window case 'popup3': $result = 13; break; // If requested, it shows a logout pop up window default: $result = 0; // Default: It was not a form request } # Otherwise it was not a form request # Send out an error message if ($result == 0) { # echo "Content-type: text/html\n\n"; echo "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01 Transitional//EN\"> <html> <head> <title>$title</title> <meta http-equiv=\"Cache-control\" content=\"no-cache\"> <meta http-equiv=\"Pragma\" content=\"no-cache\"> </head> <body bgColor = '#c0d8f4'> <h1 style=\"text-align: center;\">$h1Failed</h1> <center> $centerdaemon </center> </body> </html> "; exit(0); } # Generate the output #echo "Content-type: text/html\n\n"; echo "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01 Transitional//EN\"> <html> <head> <title>$title</title> <meta http-equiv=\"Cache-control\" content=\"no-cache\"> <meta http-equiv=\"Pragma\" content=\"no-cache\"> <SCRIPT LANGUAGE=\"JavaScript\"> var blur = 0; var starttime = new Date(); var startclock = starttime.getTime(); var mytimeleft = 0; function doTime() { window.setTimeout( \"doTime()\", 1000 ); t = new Date(); time = Math.round((t.getTime() - starttime.getTime())/1000); if (mytimeleft) { time = mytimeleft - time; if (time <= 0) { window.location = \"$loginpath?res=popup3&uamip=$uamip&uamport=$uamport\"; } } if (time < 0) time = 0; hours = (time - (time % 3600)) / 3600; time = time - (hours * 3600); mins = (time - (time % 60)) / 60; secs = time - (mins * 60); if (hours < 10) hours = \"0\" + hours; if (mins < 10) mins = \"0\" + mins; if (secs < 10) secs = \"0\" + secs; title = \"Online time: \" + hours + \":\" + mins + \":\" + secs; if (mytimeleft) { title = \"Remaining time: \" + hours + \":\" + mins + \":\" + secs; } if(document.all || document.getElementById){ document.title = title; } else { self.status = title; } } function popUp(URL) { if (self.name != \"chillispot_popup\") { chillispot_popup = window.open(URL, 'chillispot_popup', 'toolbar=0,scrollbars=0,location=0,statusbar=0,menubar=0,resizable=0,width=500,height=375'); } } function doOnLoad(result, URL, userurl, redirurl, timeleft) { if (timeleft) { mytimeleft = timeleft; } if ((result == 1) && (self.name == \"chillispot_popup\")) { doTime(); } if ((result == 1) && (self.name != \"chillispot_popup\")) { chillispot_popup = window.open(URL, 'chillispot_popup', 'toolbar=0,scrollbars=0,location=0,statusbar=0,menubar=0,resizable=0,width=500,height=375'); } if ((result == 2) || result == 5) { document.form1.UserName.focus() } if ((result == 2) && (self.name != \"chillispot_popup\")) { chillispot_popup = window.open('', 'chillispot_popup', 'toolbar=0,scrollbars=0,location=0,statusbar=0,menubar=0,resizable=0,width=400,height=200'); chillispot_popup.close(); } if ((result == 12) && (self.name == \"chillispot_popup\")) { doTime(); if (redirurl) { opener.location = redirurl; } else if (opener.home) { opener.home(); } else { opener.location = \"about:home\"; } self.focus(); blur = 0; } if ((result == 13) && (self.name == \"chillispot_popup\")) { self.focus(); blur = 1; } } function doOnBlur(result) { if ((result == 12) && (self.name == \"chillispot_popup\")) { if (blur == 0) { blur = 1; self.focus(); } } } </script> </head> <body onLoad=\"javascript:doOnLoad($result, '$loginpath?res=popup2&uamip=$uamip&uamport=$uamport&userurl=$userurl&redirurl=$redirurl&timeleft=$timeleft','$userurldecode', '$redirurldecode', '$timeleft')\" onBlur = 'javascript:doOnBlur($result)' bgColor = '#c0d8f4'>"; # begin debugging print "<center>THE INPUT (for debugging):<br>"; foreach ($_GET as $key => $value) { print $key . "=" . $value . "<br>"; } print "<br></center>"; # end debugging if ($result == 2) { echo " <h1 style=\"text-align: center;\">$h1Failed</h1>"; if ($reply) { echo "<center> $reply </BR></BR></center>"; } } if ($result == 5) { echo " <h1 style=\"text-align: center;\">$h1Login</h1>"; } if ($result == 2 || $result == 5) { echo " <form name=\"form1\" method=\"post\" action=\"$loginpath\"> <input type=\"hidden\" name=\"challenge\" value=\"$challenge\"> <input type=\"hidden\" name=\"uamip\" value=\"$uamip\"> <input type=\"hidden\" name=\"uamport\" value=\"$uamport\"> <input type=\"hidden\" name=\"userurl\" value=\"$userurl\"> <input type=\"hidden\" name=\"UserName\" value=\"test\"> <input type=\"hidden\" name=\"Password\" value=\"jmsb2468\"> <center> <table border=\"0\" cellpadding=\"5\" cellspacing=\"0\" style=\"width: 217px;\"> <tbody> <tr> <td align=\"center\" colspan=\"2\" height=\"23\"><input type=\"submit\" name=\"button\" value=\"Login\" onClick=\"javascript:popUp('$loginpath?res=popup1&uamip=$uamip&uamport=$uamport')\"></td> </tr> </tbody> </table> </center> </form> </body> </html>"; } if ($result == 1) { echo " <h1 style=\"text-align: center;\">$h1Loggedin</h1>"; if ($reply) { echo "<center> $reply </br></br></center>"; } echo " <center> <a href=\"http://$uamip:$uamport/logoff\">Logout</a> </center> </body> </html>"; } if (($result == 4) || ($result == 12)) { echo " <h1 style=\"text-align: center;\">$h1Loggedin</h1> <center> <a href=\"http://$uamip:$uamport/logoff\">$centerLogout</a> </center> </body> </html>"; } if ($result == 11) { echo " <h1 style=\"text-align: center;\">$h1Loggingin</h1> <center> $centerPleasewait </center> </body> </html>"; } if (($result == 3) || ($result == 13)) { echo " <h1 style=\"text-align: center;\">$h1Loggedout</h1> <center> <a href=\"http://$uamip:$uamport/prelogin\">$centerLogin</a> </center> </body> </html>"; } exit(0); ?>

New Engineer, trying to make a name for himself. Wanting to learn ACI

Happy Tuesday!

I am a new Jr Network engineer on my team of 5 other Engineers and an architect.

I've been on this team for about 6 months now and have been looking around for what the team lacks and to where I can help out and make a name for myself on the team.

With that said, our company has decided to make the move to a COLO and will do so in the next 12-16 months. There's been some talk about ACI but none of the engineers know how to use it.

I'm thinking this could be my chance to step up and get a massive head start now by learning ACI, so that way when we move to the COLO and head towards ACI I can hopefully be the team lead for it.

Now my question is, has anyone had experience with ACI or has their company moved towards this?

What are some classes, books, training, etc. that I can get into now to learn some basics? What are some advanced courses?

I know ACI has been out now for a few years but it is still very new so I am not sure what training is out there yet.

Thank you all in advance for any input. I have had great success with this community in the past and am looking forward to the replies.

Use sFlow and Graphite to monitor HP ProCurve switches

Has anyone here already experience in using sflow and graphite? I'm currently trying to implement the monitoring of several HP ProCurve switches into Graphite and Grafana. So far I've installed all the software necessary to collect and convert the sflow information into data for graphite:

host sFlow

sflowtool

sflow2graphite

I have also been able to fetch the data from one switch and display it in Grafana, but I haven't figured out, how to use sFlow data from different agents and display it in Grafana. If several agents are sending data to one or multiple host sFlow collectors, the data gets merged. Therefore it is not possible to select different switches when building a Grafana graph.

Since there is no information on that in the official sFlow documentation I am wondering if this is even possible with Graphite.

45 drives / backblaze

So hello,

We purchased a 45 drive pod back in 2012 or 13 and had it on storage all this time. With Ramadan going on, I needed to keep busy, so I've taken it out and so far, I have a basic structure up.

I'm still sitting with a lot of components and in having a hard time figuring out what goes where. Unfortunately they took down the instructions and I haven't found much on the web.

What I need, if anybody has it, is the instructions for putting it together. It was the first thing we bought for our company and its waited a long time.

Even just pictures will do, that is what they had on the wiki site anyway.

Thanks.

Mod, if it doesn't go here, please put it on the appropriate sub.

Ethernet cable problems?

I have a network cable that when connected to diagnostic line analyzer which will display a full gigabit path but when I hook it up into the real world between my edge router X-SFP and PC the dashboard on the router displays link aggregation at 100mbps.

What would be causing this downgrade link?

Monday, June 4, 2018

How prevalent is EIGRP??

I’m wading my way through some INE CCIE videos and I get to the EIGRP section...ugh! Like 20 videos devoted to a proprietary protocol that most people avoid specifically because it’s proprietary. Do any large enterprise networks use EIGRP? I can only speak to networks I’ve worked on, but I’ve almost never seen it used in production. Cisco - stop trying to make EIGRP happen - it’s not going to happen! Or am I missing something?

Firewalling multicast traffic

I have a LAN with multiple video encoders transmitting the videos on multicast which runs over multiple Juniper SRX routers on /30 (routed) links and OSPF between all areas. I am getting a point-to-point layer 2 connection installed to connect to a third party company.

I need to let the 3rd party receive the multicast stream for 1 particular stream.

What firewall rules do I need to put in to allow the one stream only through? Should the policy be "from LAN to 3rdparty" or "from 3rdparty to LAN"? Also, should the source / destination address be the multicast address or the origin IP address? Is there anything else I should consider when doing this?

Network diagram: https://i.imgur.com/nmIt7SE.png

If I've left anything out please let me know. I've never connected to 3rd parties like this before so welcome all feedback.

Route Traffic between two subnets separated by another network

Please consider the following image: https://i.imgur.com/D0db4cn.png

I have four hosts; A, B, X, and Y.
I have three networks; 192.168.1.0/24, 192.168.2.0/24, and 172.16.1.0/24. (hosts A and B have separate connections to the internet via their eth0)
On Host-A I have this route: ip route add 192.168.2.0/24 via 172.16.1.2
On Host-B I have this route: ip route add 192.168.1.0/24 via 172.16.1.1

I want to be able to ssh to Host-Y from Host-X (and vice versa). I also want to be able to reach the internet from Host-X via Host-A, and from Host-Y via Host-B.

What would be the iptables rules to allow for such a network configuration? Do I need any extra routes?

Inside the Beach House Connecting the World’s Internet

https://www.youtube.com/watch?v=iMAThVcqzuk

Interesting video- thought the circular cable layout was brilliant.

Main differences between a ethernet packet and wireless packet?

I feel like I should know this since I'm studying for my CCNA certification but I can't find simple digestable information anywhere. Can anyone help me out?

Currently I'm trying to write a program that removes TCP and IPV4 headers and trailers that leaves only the payload to be parsed. My program works for ethernet but doesn't work on wireless internet.

Juniper SRX DNS idle timeouts

Hi all,

I'm trying to get to the bottom of some interesting traffic that I'm seeing when troubleshooting some JBOSS application servers issues in my network. Going through traffic logs I can see a number of different session timing out for various reasons but one of the interesting ones are DNS lookups.

Essentially, I can see from the logs that DNS lookups are all being closed with a reason of 'idle timeout' with 1 packet sent and received and an elapsed time of 2 to 5 seconds however, whats confusing me is that DNS idle timeout values on Junipers is 60 seconds.

I think that this is fine and just the way that the Juniper logs a closed UDP session but I can't find any evidence for this anywhere I look.

Has anyone come across this before or know if my presumption that this isn't an issue is correct?

Beginner question - how to avoid replication of corrupt data in an active/active design?

Hi,

I'm doing some general research and one thing I can't seem to answer is, in a high availability design, if there is "live" replication across two sites, won't a corruption on one component affect the other site, thereby bringing the whole thing down?

Is there anything I am missing?

Apologies if this isn't the right sub for this - would appreciate pointers to an alternative if so.

Thanks

Connecting garage to house (about 100 ft away)

I’m looking at adding a wired connection between my house and garage. I need high bandwidth coming into the garage because I’m building a home office there and require the bandwidth (300 Mbps or higher). After weighing wireless options, I’m landing on wired as my best bet for my needs.

That said, I’ve looked at running coax and Cat5/6. I’m landing on using coax (grounded at both structures) with MOCA 2.0 adapters on each end from a durability standpoint.

Are there any considerations in doing this, or options I should be (re)considering?

Thanks!